ColdDoT
Posted: Sun Jun 03, 2007 4:36 pm
If I clock it at 62 milliseconds then sometimes not, and sometimes it will show error 15,
so that is the critical point, BUT
when it does not show, I still get the error "hacking thread detected" because I rewrote an address in MS.
Flyte
Posted: Sun Jun 03, 2007 4:48 pm
ColdDoT wrote:
    If I clock it at 62 milliseconds then sometimes not, and sometimes it will show error 15,
    so that is the critical point, BUT
    when it does not show, I still get the error "hacking thread detected" because I rewrote an address in MS.
Is it the Maple Story CRC generating the error or the Game Guard CRC?
Remember, you need to implement both.
ColdDoT
Posted: Sun Jun 03, 2007 4:55 pm
OK, it is a bit late here, 1:38 AM, so let me explain.
GameGuard now has CRC protection on the MS client itself, so if you edit some memory of MS then GameGuard throws "hacks detected".
But it is an option of GameGuard; that's the push 2 for (high security is 2, off is 0).
So when MS is decrypted I have to change the call that starts GG with CRC option 2 to 0.
If I do this too quickly I will kill ASProtect, so it will throw a warning.
If I do this too slowly, GameGuard is already started with CRC option 2.
Is this better explained?
Now here is the solution in pseudo code:
Code:
    while (ReadAddySecondByte != 2) {
        Sleep(1); // Wait till ASProtect is done unpacking; I CHANGED the VALUE to 1 so we could never miss it
    }
    // So now if you get to this point the address there is 2, so let's change it quickly
    ChangeAddySecondByte(addy, 0); // Change the second byte of the instruction: not the PUSH but the value behind it, and change it to 0
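Seen from the protector's side, the mechanism ColdDoT describes is a checksum over the client's code that is taken once after loading and re-verified later; the design lesson is that the protection level itself (the immediate behind that push) has to sit inside the checked region, otherwise a single changed byte goes unnoticed. The following is an added illustration of such a code-region integrity check in C, not code from this thread, from GameGuard or from ASProtect; the code bytes and function names are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* CRC-32 (IEEE 802.3, reflected form, polynomial 0xEDB88320), bitwise. */
uint32_t crc32_region(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Constructed stand-in for a protected code region: a few x86 bytes
   including "push 2" (6A 02) at offset 3. The immediate at offset 4 is
   the kind of configuration byte the check must cover. Not game bytes. */
static uint8_t g_code[] = { 0x55, 0x8B, 0xEC, 0x6A, 0x02, 0xE8,
                            0x00, 0x00, 0x00, 0x00, 0x5D, 0xC3 };

typedef struct { uint32_t expected; } integrity_baseline;

/* Take the baseline once, right after the trusted loader has finished. */
integrity_baseline baseline_take(const uint8_t *code, size_t n) {
    integrity_baseline b = { crc32_region(code, n) };
    return b;
}

/* Returns 1 if the region still matches the baseline, 0 if any byte changed. */
int integrity_verify(const integrity_baseline *b, const uint8_t *code, size_t n) {
    return crc32_region(code, n) == b->expected;
}

/* Demo: flipping the push immediate (offset 4, 02 -> 00) is detected
   because the immediate lies inside the checked region. Returns 1 when
   the check passes before the change and fails after it. */
int demo_detects_patch(void) {
    integrity_baseline b = baseline_take(g_code, sizeof g_code);
    int ok_before = integrity_verify(&b, g_code, sizeof g_code);
    uint8_t saved = g_code[4];
    g_code[4] = 0x00;                 /* simulate a modified configuration byte */
    int ok_after = integrity_verify(&b, g_code, sizeof g_code);
    g_code[4] = saved;                /* restore so the demo is repeatable */
    return ok_before && !ok_after;
}

int main(void) {
    printf("tamper detected: %s\n", demo_detects_patch() ? "yes" : "no");
    return 0;
}
```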
Flyte
Posted: Sun Jun 03, 2007 5:04 pm
I understood it beforehand. Not only that, your time is wrong (at the time of posting it should have been x:55, not x:3).
Most of what you have put there is what I have been explaining to you.
Like I said, find a check so ASProtect is done unpacking, change the byte, let Maple Story load Game Guard. I can't (and won't) find the check for you because I don't even have Maple on my computer.
ColdDoT
Posted: Sun Jun 03, 2007 5:08 pm
Mmmm, then I'm just back to basics.
AND BTW, the forum board timer is WRONG.
I'll post without hesitating, and it is now 1:57.
//EDIT: I give up
Code:
    rpm:
        inc counter
        cmp counter, 1000
        jge timeerr
        invoke Sleep, 5
        invoke ReadProcessMemory, ProcessInfo.hProcess, 0042E5C2h, offset ReadBuff, 2, NULL
        cmp ReadBuff, read
        jne rpm
        invoke WriteProcessMemory, ProcessInfo.hProcess, 0042E5C2h, offset write, 2, 2
        cmp eax, 2
        jne writeerr
Not working. I changed the addresses, both together and separately, and the same for the bytes.
Flyte
Posted: Sun Jun 03, 2007 5:16 pm
Code:
    rpm:
        inc counter
        cmp counter, 1000
        jge timeerr
        invoke Sleep, 5
        invoke ReadProcessMemory, ProcessInfo.hProcess, 0042E5C2h, offset ReadBuff, 2, NULL
        cmp ReadBuff, read
        jne rpm
        invoke Sleep, 100 ; Screw with this value till it works.
        invoke WriteProcessMemory, ProcessInfo.hProcess, 0042E5C2h, offset write, 2, 2
        cmp eax, 2
        jne writeerr
ColdDoT
Posted: Sun Jun 03, 2007 5:21 pm
Already done that. I think I'm at the wrong address, but I'll go further on that tomorrow.
Goodnight
opcode0x90
Posted: Mon Jun 04, 2007 2:49 am
Try to put in some variable instead of NULL for the last argument.
Code:
    invoke ReadProcessMemory, ProcessInfo.hProcess, 0042E5C1h, offset ReadBuff, 1, addr SomeVar
Side note:
MASM supports .if and .endif, so you might want to use that instead of jXX instructions.
ColdDoT
Posted: Mon Jun 04, 2007 3:12 am
I know, opcode, but even if I print the buffer's return address it won't return anything good.
I've rewritten it in C++ and am testing it NOW; I'll post results.
//EDIT
Yay, I got owned.
OK, here is the big big big big problem:
open up EMS with Olly
address 0042E5C1 is push 2
run 1: Shift+F9
address: push 2
run 2: Shift+F9
BOOM, the address is not push 2; it will change every time if you run Shift+F9
if you change it after run 1 or 2 it will throw error 15, or sometimes 1
LOADER WORKS PERFECTLY
Only ASProtect pwns me in the face